Down-level browsers compromise online security

Nearly a quarter of internet users aren't keeping their browsers up to date with the latest versions, compromising their online security

Despite the majority of current cyber attacks originating from the web, 23 per cent of internet users are still running old or outdated web browsers, according the research from Kaspersky Lab. Of these, almost two-thirds (14.5 per cent) are currently using the previous version of a browser, while the remaining 8.5 per cent use obsolete versions.

The research, which analysed the web usage patterns of Kaspersky Lab’s millions of customers’ worldwide through the cloud-based Kaspersky Security Network, revealed that when a new version of a browser is released, it takes approximately one month for most users to make the upgrade. Yet cybercriminals can move to exploit known browser vulnerabilities within hours.

According to the findings, the most popular browser was Internet Explorer, used by 37.8 per cent of users, followed by Google Chrome (36.5 per cent) and then Firefox (19.5 per cent). Looking specifically at the proportion of users with the most recent version installed August 2012), 80.2 per cent of Internet Explorer users are currently using the most recent browser, followed by 79.2 per cent of Chrome users and 66.1 percent of FireFox users. The most notable examples of obsolete browsers are Internet Explorer 6 and 7, with a combined share of 3.9 per cent, representing hundreds of thousands of users worldwide.

Andrey Efremov, Director of Whitelisting and Cloud Infrastructure Research at Kaspersky Lab, said: “Our new research paints an alarming picture. While most users make a switch to the most recent browser within a month of the update, there will still be around a quarter of users who have not made the transition. That means millions of potentially vulnerable machines, constantly attacked using new and well-known web-born threats. This is strong evidence of the urgent need for proper security software which is able to react to new threats in a matter of minutes, not days or even weeks.”

With cybercriminals increasingly utilising vulnerabilities in web browser applications or outdated plug-ins, not updating browsers can have serious security implications for users. The latest research from Kaspersky Lab clearly shows that while the majority of Internet users are diligently updating their web browsers in a timely fashion, there are still tens of millions of users that expose themselves by not updating these crucial applications.

While this report is primarily comprised of consumer user data, corporations should pay particular attention to the results. As employees’ abilities to install updates are limited, using obsolete software is a common, and potentially dangerous, practice in business environments. Kaspersky Lab offers an efficient solution which makes it possible to discover and allow updates of outdated or vulnerable software, in full compliance with security policies.